Denial-of-Service Vulnerability in SCALANCE S602, S612, S623, and S627-2M by Siemens
CVE-2019-13926

7.5HIGH

Key Information:

Vendor: Siemens
Status: Scalance S602; Scalance S612; Scalance S623; Scalance S627-2m
Vendor: CVE Published:; 11 February 2020

Summary

A vulnerability has been detected in various SCALANCE devices that may lead to a Denial-of-Service condition for the web server. When specially crafted packets are sent to port 443/tcp of affected models, it can result in server downtime. Restoring functionality requires a cold reboot of the device, which necessitates immediate action to prevent prolonged service interruptions.

Affected Version(s)

SCALANCE S602 All versions >= V3.0 and < V4.1

SCALANCE S612 All versions >= V3.0 and < V4.1

SCALANCE S623 All versions >= V3.0 and < V4.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-59140...

x_refsource_CONFIRM

https://www.us-cert.gov/ics/advisories/icsa-20-042-10

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2020
Vulnerability Reserved
Jul 18, 2019